Security Operation Center - SoC Engineer at (Bengaluru, India)

Job Description

Responsible for conducting incident response operations according to industry best practices. Must have extensive experience in multiple security areas such as SIEM, IDS, APT and WAF. Should have extensive experience in Linux, Mac and Windows operating systems and deep knowledge of network and web attack methods.

Responsibilities:

- Perform monitoring and data correlation of events of interest using multiple sources such as system event logs, SIEM, IPS/IDS logs, network traffic, the anti-virus console and client end-point software to determine whether an incident has occurred.
- Respond to security incidents and investigation requests.
- Triage cloud (AWS, Azure and AliCloud) security events and create correlations.
- Drive the containment strategy during data loss or breach events.
- Triage and resolve advanced attacks such as botnets and advanced persistent threats (APTs), including their TTPs.
- Perform basic forensic activities, e.g. examining computers, system logs, applications and networks to locate evidence.
- Reverse engineer malware and identify malware infestation and attack patterns to fine-tune our security controls.
- Perform root cause analysis (RCA) for incidents and update the knowledge management system.
- Work directly with data asset owners and business response plan owners during high-severity incidents.
- Create and tune signatures and policies for IDS, proxy and in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits affecting downstream systems.
- Provide tuning recommendations to administrators based on findings from investigations or threat information reviews.
- Create and tune workflow documents.
- Evaluate various protection mechanisms and tools and recommend the best suited.
- Configure and maintain high- and low-interaction honeypots, spider traps, etc., and monitor their activity.

Technical & Professional Skill Requirements:

- Hands-on investigation and log analysis exposure.
- Experience in IT security and defensive technologies (antivirus, firewalls, event monitoring, network and perimeter devices, data loss prevention, IDS, web content filtering).
- Familiarity with handling and mitigating attacks involving viruses, spoofing, hoaxes and malware.
- Familiarity with emerging security threats and their attack vectors, especially web application attacks.
- Knowledge of SSL/TLS, certificates and encryption methods.
- Exposure to security tools (web application firewalls, web application security scanning with Burp Suite, Nessus and Tenable Security Center, Snort IDS, Wireshark, Scapy, data loss prevention software, NitroView/McAfee ESM).
- Good documentation and analysis skills, with excellent problem-solving and planning skills and a flexible approach.
- Sound understanding of operating systems (Unix/Linux, Windows, OSX), IPS/IDS, VPN, firewalls, web application firewalls and application security.
- Good to have certifications: CSA, GCIH, GCIA.